• BLOG
  • MobileIron statement on Schneider v. MobileIron lawsuit

MobileIron statement on Schneider v. MobileIron lawsuit

August 12, 2015

On August 5, 2015, in Schneider v. MobileIron, Inc., et al, a plaintiffs law firm filed a purported class action lawsuit on behalf of a single stockholder asserting claims under Section 11 of the Securities Act, against MobileIron and others. The suit alleges that in the May 2014 timeframe, a “hacker compromised the MobileIron administrative server” and was able to wipe devices held by employees of Aviva, a British insurance company and MobileIron customer.

We believe that this recent lawsuit is without merit and intend to defend against it aggressively.

Here’s what happened. A systems integrator in the UK, Esselar, was providing a managed service using MobileIron to mutual customer Aviva. Esselar's support staff had access to the MobileIron IT administrative console in order to manage the MobileIron service on behalf of Aviva. A former senior technical Esselar employee gained access to Esselar’s system by using a username/password that had not been changed after his departure, and was able to send a message to and then wipe the Aviva employees’ devices.

The incident did not occur as a result of a vulnerability in MobileIron’s software or systems. It was the result of poor internal password management by Esselar, which Esselar informed us was subsequently addressed. On June 23, 2014, we issued a public statement regarding the incident explaining that this was not a MobileIron vulnerability: https://www.mobileiron.com/en/blog/mobileiron-statement-schneider-v-mobileiron-lawsuit. The former Esselar employee was later criminally charged and pleaded guilty. Story here.

For these reasons and many others, MobileIron believes the allegations in the complaint are inaccurate and meritless. MobileIron’s policy is not to discuss pending litigation but this was too egregious to let pass without comment.

Updated August 25, 2015:

Justice was served in the UK yesterday when Richard Neale, former CTO of Esselar, was sentenced to 18 months in jail for his attack on Aviva’s mobile devices: Read full reports in The Daily Mail and Insurance Age.

Laurel Finch

Laurel Finch,

Similar Blogs